Force Clients to Use HTTPS Seamlessly

Forum Sentry is often used as a reverse proxy / gateway for HTML web sites and portals. Sentry administrators might want to force clients (e.g. web browsers or mobile apps) to use HTTPS, without having any errors returned if the clients use HTTP.

This How To guide details a method of seamlessly enforcing that your clients use SSL, so that a client connecting over HTTP does not receive an error.

Attached is a Sentry HTML Policy (fsg file) that demonstrates this use case setup, which is outlined below.

Notes on FSG file: The import password is "password". The FSG import will create 3 listener policies using ports 88, 8088, and 4443. It is recommended to back up your existing Sentry configuration prior to importing this FSG.

Use Case Setup:

a. "HTTP_Loopback" using HTTP pointing to the "HTTP_Inside" policy on port 8088 (IMPORTANT - response processing needs to be turned ON)
b. HTTPS policy pointing to www.forumsys.com on port 443 (specify an SSL Initiation policy without any mutual authentication). You can use any web site your Sentry instance has access to.

3. Create a redirect policy:

a. enable the redirect on "No Credentials"
b. you can enter whatever you want in the URL field as this value will be overwritten with a task list.
c. do not enable any other options.

4. Create 1 HTML policy with 3 virtual directories:

a. "HTTP Outside"

   1. associate listener on port 88
   2. set virtual directory to /
   3. set remote path to /
   4. set the remote policy to the "HTTP_Loopback" policy (pointing to the listener on port 8088)

c. "HTTPS"

   1. associate the HTTPS listener on port 4443
   2. set the virtual directory to /
   3. set the remote path to /
   4. set the remote policy to the back-end HTTPS remote policy (e.g. www.forumsys.com)

5. Associate the redirect policy created in step 3 with the "HTTP Inside" virtual directory.

6. Create 2 Task Lists and then associate each task list with its own Task List Group: